CVE-2020-11652

Warnung

Exploit

EPSS 94.27%
Veröffentlicht 30.04.2020 17:15:12
Zuletzt bearbeitet 03.04.2025 19:52:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some methods that improperly sanitize paths. These methods allow arbitrary directory access to authenticated users.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 15

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Saltstack ≫ Salt Version < 2019.2.4

Saltstack ≫ Salt Version >= 3000 < 3000.2

Opensuse ≫ Leap Version15.1

Debian ≫ Debian Linux Version8.0

Debian ≫ Debian Linux Version9.0

Debian ≫ Debian Linux Version10.0

Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Blackberry ≫ Workspaces Server Version <= 7.1.3

Blackberry ≫ Workspaces Server Version >= 8.0.0 <= 8.2.6

Blackberry ≫ Workspaces Server Version9.1.0

VMware ≫ Application Remote Collector Version7.5.0

VMware ≫ Application Remote Collector Version8.0.0

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SaltStack Salt Path Traversal Vulnerability

Schwachstelle

SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.27%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00070.html

Third Party Advisory

Mailing List

https://usn.ubuntu.com/4459-1/

Third Party Advisory

https://www.debian.org/security/2020/dsa-4676

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00047.html

Third Party Advisory

Mailing List

http://packetstormsecurity.com/files/157560/Saltstack-3000.1-Remote-Code-Execution.html

Third Party Advisory